In my proxy implementation of NETransparentProxyProvider, a particular flow is not handled when I return (false) from handleNewFlow(), and that flow's traffic is being dropped by macOS. This traffic is generated by a 3rd-party VPN client, and the VPN client fails to connect to the server. This issue is not seen when 'NETransparentProxyProvider' is disabled on the system. I could see the below in the logs (VPN server address: 112.198.38.172):
What is special in this VPN client traffic that, after returning (false) from 'NETransparentProxyProvider::handleNewFlow()', it is not handled by macOS? Meanwhile, other traffic (e.g., raised by the browser) is successfully handled when returned from 'NETransparentProxyProvider::handleNewFlow()'.
I’ve seen problems like this before but there’s really not much I can do to help you here. As a transparent proxy provider your only option is:
- Set up the rules so that you’re not passed the flow.
- Or return false from the flow.
If you can’t do the first, then your only option is the second. And if you do the second and that causes the flow’s originating process to fail, there’s not much you can do about that. Your only option in that case is to file a bug so that the NE team can investigate why this is failing.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
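The first option from the reply above (set up the rules so the provider is never passed the flow), as an added Swift example that is not code from the thread or from Apple. The class name, the helper `makeSettings(excluding:)`, the placeholder tunnel address and the "all outbound TCP" include rule are assumptions; the thread does not confirm that an exclusion resolves this VPN client's failure.

```swift
import NetworkExtension

// Added example: class and helper names are hypothetical.
final class ExampleTransparentProxy: NETransparentProxyProvider {

    // VPN server address quoted in the question.
    private let vpnServers = ["112.198.38.172"]

    /// Builds settings whose excluded rules keep flows to `addresses`
    /// out of handleNewFlow(_:) entirely, so the system handles them directly.
    func makeSettings(excluding addresses: [String]) -> NETransparentProxyNetworkSettings {
        // Placeholder tunnel address (assumption); a transparent proxy has no real tunnel peer.
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")

        // Assumed include rule: claim every outbound TCP flow.
        settings.includedNetworkRules = [
            NENetworkRule(remoteNetwork: nil, remotePrefix: 0,
                          localNetwork: nil, localPrefix: 0,
                          protocol: .TCP, direction: .outbound)
        ]

        // One host-wide exclusion per address: port "0" matches any port,
        // and the prefix covers the full address (128 bits for IPv6, 32 for IPv4).
        settings.excludedNetworkRules = addresses.map { address in
            let prefix = address.contains(":") ? 128 : 32
            return NENetworkRule(
                remoteNetwork: NWHostEndpoint(hostname: address, port: "0"),
                remotePrefix: prefix,
                localNetwork: nil, localPrefix: 0,
                protocol: .any, direction: .outbound)
        }
        return settings
    }

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        // Rules take effect once the settings are applied.
        setTunnelNetworkSettings(makeSettings(excluding: vpnServers),
                                 completionHandler: completionHandler)
    }

    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

The exclusion is by literal IP address, so it has to be kept in sync if the VPN server address changes.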